CVE-2025-24547: 
WordPress vulnerability analysis and mitigation

The WordPress Caching Compatible Cookie Opt-In and JavaScript plugin contains a Stored Cross-Site Scripting (XSS) vulnerability, identified as CVE-2025-24547. The vulnerability affects versions up to and including 0.0.10 of the plugin. This security issue was discovered by researcher SOPROBRO and was publicly disclosed on January 24, 2025 (Patchstack, WPScan).

The vulnerability is classified as a Stored Cross-Site Scripting (XSS) issue that occurs due to insufficient input sanitization and output escaping in the plugin. The severity is rated as Low to Medium with a CVSS score of 6.4-6.5. The vulnerability falls under the OWASP Top 10 category A3: Injection and is tracked as CWE-79 (WPScan, Patchstack).

The vulnerability allows authenticated attackers with contributor-level access or higher to inject malicious scripts into web pages. When executed, these scripts can potentially lead to unauthorized actions such as redirects, insertion of unwanted advertisements, and execution of other HTML payloads when visitors access the affected pages (WPScan, Patchstack).

The vulnerability has been fixed in version 0.0.11 of the plugin. Users are advised to update to version 0.0.11 or later to remove the vulnerability. Patchstack users have the option to enable auto-update for vulnerable plugins (Patchstack).